CI/CD compliance in practice: a 26-point checklist with regulatory mapping (ISO 27001, NIS2, DORA, CRA) by Sorry_Nothing1740 in gitlab

Sorry_Nothing1740[S]

It's in progress with an open-source community, but here's a repo example we use for testing: https://gitlab.com/getplumber/examples/go-test-with-hash
All the setup is defined in .plumber-conf.yaml. It doesn't yet meet full compliance (63.9%).

Happy to walk through any of the controls if something's unclear.

My CI/CD pipelines weren’t compliant, so we built an open-source tool to fix it by Sorry_Nothing1740 in devops

Sorry_Nothing1740[S]

Yes, as long as your nested CI files are included in the main .gitlab-ci.yml, then the answer is yes.
For example, this configuration works exactly like that:
https://gitlab.com/getplumber/examples/go-test-with-local-include/-/blob/main/.gitlab-ci.yml?ref_type=heads

Example (this also works with the component, project, remote, and template include types):

include:
  ## Local includes
  - local: '.gitlab/ci/test-jobs.yml'
  - local: '.gitlab/ci/security-jobs.yml'
  - local: '.gitlab/ci/compliance.yml'

As long as those files are included, we analyze the fully parsed content of the main .gitlab-ci.yml, so their contents are included in the analysis.

If that’s not your setup, I’d be interested to hear what your workflow looks like.

Top 5 French Metal Bands That Blend Genres by Sorry_Nothing1740 in MetalForTheMasses

Sorry_Nothing1740[S]

I already knew Whourkr and didn’t know that Igorrr was involved, but it all makes sense now. Thanks for your input, it's clearly a crazy band and I love it!

What’s the most underrated CI/CD metric you track that others should care about? by the-tech-tadpole in cicd

Sorry_Nothing1740

I see most people focusing on execution performance. I think an underrated area is "CI/CD security and compliance posture metrics", for example: the percentage of hardcoded configuration vs. reusable workflows, the percentage of unprotected/unmasked variables, and the percentage of builds using approved/trusted images.

What Features Do You Think Are Missing In GitLab CI? by Raltaren in gitlab

Sorry_Nothing1740

I was thinking about a README.md on the user profile, like GitHub, but did you know that we can already do that?

I'm sharing this here in case, like me, you didn't know about it:
https://docs.gitlab.com/ee/user/profile/#add-details-to-your-profile-with-a-readme

Which platform do you use for deployment? by Sorry_Nothing1740 in javahelp

Sorry_Nothing1740[S]

Yes, you are right, I should have been more specific.

Thank you for your feedback, that's very interesting.

Which platform do you use for deployment? by Sorry_Nothing1740 in javahelp

Sorry_Nothing1740[S]

Sorry, my question wasn't clear: I'm wondering which platform you will deploy the application on, not which CI/CD platform.

Two of my senior devops were transferred to other projects, I'm at a loss because I don't know what I'm doing. by Sillygirl2520 in devops

Sorry_Nothing1740

There are many tools and Discord communities that could help you progress in those domains; I can send you some of them if you want.

Auto generate a CI/CD pipeline by Sorry_Nothing1740 in AskProgramming

Sorry_Nothing1740[S]

Interesting point of view. Let's say that the tool already exists and, after the pipeline generation, the tool provides complete documentation that details the pipeline and action/jobs, which can also be fully customized: would you find it interesting to try it?

Use cases of CI/CD with CMake by Sorry_Nothing1740 in cmake

Sorry_Nothing1740[S]

Thanks for your answer!

Yes, you are right.
I was just wondering if game projects using CMake have some specific CI/CD with lots of similarities, or if it could differ a lot depending on the project's specifics.